Pages: 1 [2] 3 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
dexington
Lysergic.acid.diethylamide
53
|
Posted - 2012.07.17 13:42:00 -
[31] - Quote
Random Celestial wrote:dexington wrote:Chokichi Ozuwara wrote:Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again. It protects you account against brute force attacks, or at least makes the process of brute force attacks slow and expensive if there is no way to decode the answer without human interaction. You can buy 1000 captcha solves for $1.37 USD. <- Runs craigslist bots for car dealers, CL dropped captchas now though.
Having to spend 1.37$ to check the 1000 commonly used passwords, with a paper trail to the company doing the captcha solving, is really not a sweet deal.
You are right, captcha is not going to stop all attacks, but at some point attackers are going to look for easier targets. You can probably find a lot of corp website or 3. party forums with a decent amount of active users, if they have a login mechanic, there is a good chance you can find some combination of username/email/password that would enable you to access some/several eve accounts.
In the end it's probably going to be easier to find a security vulnerability in a 3. party web site, then trying to brute force accounts on a ccp owned site, with or without captcha, but each layer of security makes the target less attractive. |
Lord Ryan
Quantum Cats Syndicate
540
|
Posted - 2012.07.17 13:58:00 -
[32] - Quote
capshit would be the straw......................... -á"Nerf it cause I can't fly it". I want to fly a badass Mon Calamari stlye-ácruiser painted to match my Tron clothes. |
Kisumii
Bio-Tech Research Luna Sanguinem
81
|
Posted - 2012.07.17 14:34:00 -
[33] - Quote
This is bollocks, Just do what RIFT did, If you log in from unfamiliar IP you cannot spend or move any items until you check your email for the coin lock code and punch it in game. Simples.
Unless ofcourse you was dumb enough to get your game AND email hacked... |
Blastcaps Madullier
Celestial Horizon Corp. Ethereal Dawn
61
|
Posted - 2012.07.17 14:37:00 -
[34] - Quote
no thank you, that systems a pain in the ass and frankly dont want to see it, authenticators for smart phones maybe, this crap persoanly want no part of, frequently you have to refresh the "phrase" several times just to get one thats barely readable, so with due respect **** THAT.
|
AureoBroker
Etoilles Mortant Ltd. Solyaris Chtonium
53
|
Posted - 2012.07.17 14:44:00 -
[35] - Quote
Captchas do not work in the slightest.
Email code would be much better, or authenticator after that. |
Alayna Le'line
10
|
Posted - 2012.07.17 14:51:00 -
[36] - Quote
Tarsus Zateki wrote:Either way as a user of an authenticator in my Blizzard games I'd happily support two part authentication in Eve Online, even if it was a just a simple E-Mail code sent to you when you try to log-in through an unfamiliar IP Address and such.
Rift did this e-mail thing and it was extremely annoying. E-mail is NOT an instant form of communication, something people tend to forget, and having to wait 10minutes or more before you can do anything on your account (it would disallow buying/selling/trashing of items until you had verified your account)
Also CAPTCHA's are a terrible terrible form of authentication: either they are too readable and can be broken by bots, or they are not readable, and can't be read by the humans supposed to be reading them either. In the worst case they mess around with various kinds of colors on top of the regular gibberish making things just impossible for people like me (that is, [partially] colorblind people). I HATE captchas with a fiery passion.
Now Blizzard (and a bunch of other companies, like Bioware I think) use an authenticator that spits out a semi-random number that you have to input together with your password, that I can get behind. It works wonders. Typing in a number takes just seconds and you can generally install an application on your phone as well as have a hardware authenticator (or multiple) attached to one single account (so you're not tied down when on the move or when you manage to lose on or the other).
Of course EVE being EVE it'd be nice if you could use one authenticator for multiple accounts, think of poor Chribba folks... ;)
|
Roc Wieler
Tribal Liberation Force Minmatar Republic
177
|
Posted - 2012.07.17 16:16:00 -
[37] - Quote
Last year at Fanfest they actually handed out random code generators. I still have mine. I think they went down this path and abandoned it. I would be interested in finding out why. Never start a fight you can win.
|
highonpop
Void.Tech Fatal Ascension
138
|
Posted - 2012.07.17 16:16:00 -
[38] - Quote
1 simple step in a bigger war against bots.
doit SEE YOU IN 319 STATION!!! WOOO HOOOO!!!!! |
Verfanny
Imperial Shipment Amarr Empire
0
|
Posted - 2012.07.17 17:03:00 -
[39] - Quote
I would personally prefer an authenticator rather than a CAPTCHA.
My 0.02 ISK |
Vaerah Vahrokha
Vahrokh Consulting
1661
|
Posted - 2012.07.17 17:21:00 -
[40] - Quote
Kisumii wrote:This is bollocks, Just do what RIFT did, If you log in from unfamiliar IP you cannot spend or move any items until you check your email for the coin lock code and punch it in game. Simples.
Unless ofcourse you was dumb enough to get your game AND email hacked...
No, the majority of players is on dynamic IP and mails *by design* may arrive hours late.
Plus some folks (like me) since years have their accounts bound to an email that the server makes available only after 20 minutes or so. Imagine having to wait 20 mins per each log in. Auditing | Collateral holding and insurance | Consulting | PLEX for Good Charity
Twitter channel |
|
Just Lilly
17
|
Posted - 2012.07.17 19:21:00 -
[41] - Quote
How about an mobile authenticator instead, like the one Blizzard use. It's a free app for your smartphone.
Everyone use smartphones... May 15 2012 |
Dave stark
Perkone Caldari State
193
|
Posted - 2012.07.17 19:23:00 -
[42] - Quote
user name and password is fine. this is a game not my online banking. Reading my posts is like panning for gold; most it will be useless, but occasionally you'll find a nugget of gold. |
Lin-Young Borovskova
Science and Trade Institute Caldari State
522
|
Posted - 2012.07.17 19:25:00 -
[43] - Quote
Finde learth wrote:Oberine Noriepa wrote: Note that those screenshots feature the launcher and not the client itself. It's not a bad thing in the slightest.
You can't log in unless you use the launcher log in. So it means if eve auto restart for any reasons, you need to close the auto restart EVE then use the launcher log in. That's very annoying. And the launcher log in won't save your account name.
Nor prevents the account of being stolen or bots anyway, well maybe just in some silly dudes minds. brb |
Cede Forster
Graffa
8
|
Posted - 2012.07.17 19:34:00 -
[44] - Quote
optional authenticator would be nice, just using username + password to secure the account feels a little like walking at night through detroit
with a blond wig, a miniskirt and bag full of drugs |
Tarsus Zateki
GoonWaffe Goonswarm Federation
735
|
Posted - 2012.07.17 22:55:00 -
[45] - Quote
Dave stark wrote:user name and password is fine. this is a game not my online banking.
Of course stealing banking information is a felony in most countries while stealing an Eve Online account isn't. Having a little extra security on something you value that has no real criminal repercussions isn't a bad idea. The value of stolen WoW accounts is the reason Blizzard sells authentication fobs at a loss and provides free authenticators for smart phones. They can't prosecute account thieves and the customer service costs of dealing with stolen accounts is far more than the price of fobs.
Its even worse in Eve Online as a compromised account can not only result in a loss of ISK and assets but could jeopardize the gameplay and assets of hundred or thousands of other people in the case of corporation CEOs and alliance executors. You asked me once, what was in Room 101. I told you that you knew the answer already. Everyone knows it. The thing that is in Room 101 is the worst thing in the world. |
Terminal Insanity
The Filthy Ones
639
|
Posted - 2012.07.17 23:03:00 -
[46] - Quote
YES make this a requirement for trials or accounts that are less then a few months old.
NO, DO NOT MAKE ME FILL IN THOSE GODDAMN UNREADABLE CAPTCHAS EVERY ******* GODDAMN TIME I LOG IN.
I already spend more time trying to decipher captchas then anyone should have to. "War declarations are never officially considered griefing and are not a bannable offense, and it has been repeatedly stated by the developers that the possibility for non-consensual PvP is an intended feature." - CCP |
Mr M
Agony Unleashed
181
|
Posted - 2012.07.17 23:59:00 -
[47] - Quote
I hate it when I get a captcha like this.
|
Vitamin B12
30
|
Posted - 2012.07.18 05:27:00 -
[48] - Quote
dexington wrote:Chokichi Ozuwara wrote:Captcha does nothing to secure your account. Bots are designed to capture captchas and fire them off to third party solving services (manual and automated) which beat them easily.
Adding this would be stupid. It would be like 2008 all over again. It protects you account against brute force attacks, or at least makes the process of brute force attacks slow and expensive if there is no way to decode the answer without human interaction.
Brute Force need to be adressed on the server side (CCP) not on the client. If a file is on my computer I can modify it. That is really bad and weak protection. Never give the user control over something.
Regarding "login attempts": I would really like to see the security feature we already got on evegate also in the client. If you are logging in first time with this maschine ask for character names on the account.
/vita
Capital Ships Related BPC's & BPO's // fair price-á// fast delivery https://forums.eveonline.com/default.aspx?g=posts&m=973041 |
dexington
Lysergic.acid.diethylamide
53
|
Posted - 2012.07.18 06:25:00 -
[49] - Quote
Vitamin B12 wrote:Brute Force need to be adressed on the server side (CCP) not on the client. If a file is on my computer I can modify it. That is really bad and weak protection. Never give the user control over something.
I'm not sure i get your point, the image is generated server side, and send to the client. You can modify the image as you like, but the server is still going to require the correct answer associated with the image, to grant you access to the system.
|
Altrue
Exploration Frontier inc
13
|
Posted - 2012.07.18 07:52:00 -
[50] - Quote
This should be interesting to prevent botting, or at least to make their life harder after downtime, requiring a manual intervention.
So, the idea of having a CHAPTA for the first months of an account is imo a good idea.
After.. I see no point, an optionnal authentificator would be fine. "- What is the end-game content of EvE ? -á- The New Unified Inventory. Every player dreams of using it comfortably, but only a few hardcore gamers achieve to do so." |
|
Haffsol
Froody Guys Spaceships Business
7
|
Posted - 2012.07.18 08:12:00 -
[51] - Quote
sorry I'm a bot and can't read captcha
is https too easy to implement or what? |
dexington
Lysergic.acid.diethylamide
54
|
Posted - 2012.07.18 08:35:00 -
[52] - Quote
Haffsol wrote:is https too easy to implement or what?
It's two different thing, https is applying a application layer cryptographic protocol to the http protocol, http + ssl. This is used to avoid eavesdropping and tampering of the data send between two computers.
Captcha is primary a means to try and force human interaction in a given process, most often the login process. |
ChrisDude70
The Night Crew The Night Crew Alliance
24
|
Posted - 2012.07.18 10:38:00 -
[53] - Quote
Kisumii wrote:This is bollocks, Just do what RIFT did, If you log in from unfamiliar IP you cannot spend or move any items until you check your email for the coin lock code and punch it in game. Simples.
Unless ofcourse you was dumb enough to get your game AND email hacked...
This would be a massive pain for us folks with dynamic IPs.
IIRC CCP had some form of keyfob authentication in the works from a few years ago. |
Aramatheia
European Nuthouse
49
|
Posted - 2012.07.18 11:02:00 -
[54] - Quote
Tarsus Zateki wrote:Using two part authentication works really well in Blizzard's line of games. No one that uses an authenticator has been publicly proven to have had their accounts compromised (lots of folks that have lied about having one though and have been hilariously called out by Blizzard GMs after claiming to be hacked). Of course with nearly ten million subscribers to World of Warcraft and several million other players in Diablo 3 there is a huge market for currency and items sourced from stolen accounts. I wonder how large an issue this is in Eve Online.
Either way as a user of an authenticator in my Blizzard games I'd happily support two part authentication in Eve Online, even if it was a just a simple E-Mail code sent to you when you try to log-in through an unfamiliar IP Address and such.
Edit: In before everyone who's afraid of change.
best part of blizzards authenticator is even if you havent used a blizzard game in a year (such as myself) youry account is still secure, i check on mine from time to time i just dont play the games anymore. I'd be fine with a physical eve authenticator just like the blizz one. In fact more so then stupid captcha's which only work because the letters are 99% unreadable and a human has to click through about 20 options of crap to find something that actually resembles alpha numeric entities |
Verfanny
Imperial Shipment Amarr Empire
0
|
Posted - 2012.07.18 13:05:00 -
[55] - Quote
On the other hand it could be worse than a CAPTCHA. Look at L2 and Aion where you have to manually enter a 6 digits PIN on a constantly shifting virtual keypad each time you want to log in with a character, and of course the PIN is different for each of your character. |
Lilliana Stelles
Mindstar Technology Executive Outcomes
110
|
Posted - 2012.07.18 13:10:00 -
[56] - Quote
Captchas I can deal with.
Just so long as I don't have to carry around a plastic authenticator to play the game. |
dexington
Lysergic.acid.diethylamide
55
|
Posted - 2012.07.18 13:18:00 -
[57] - Quote
Lilliana Stelles wrote:Just so long as I don't have to carry around a plastic authenticator to play the game.
If/when two-factor authentication is added, i think it's going to be optional to use it, at least that is now it was implemented in other popular mmo's. |
Lilliana Stelles
Mindstar Technology Executive Outcomes
110
|
Posted - 2012.07.18 13:31:00 -
[58] - Quote
dexington wrote:Lilliana Stelles wrote:Just so long as I don't have to carry around a plastic authenticator to play the game. If/when two-factor authentication is added, i think it's going to be optional to use it, at least that is now it was implemented in other popular mmo's. Swtor and Diablo 3 both REQUIRED authentication to use specific features. I ended up buying them before I got a smartphone. I'd rather not have to deal with it in Eve. |
Verfanny
Imperial Shipment Amarr Empire
0
|
Posted - 2012.07.18 13:32:00 -
[59] - Quote
Lilliana Stelles wrote:Captchas I can deal with.
Just so long as I don't have to carry around a plastic authenticator to play the game.
There will most likely be a smartphone app too. |
Palovana
Inner Fire Inc.
258
|
Posted - 2012.07.18 14:39:00 -
[60] - Quote
Mr M wrote:I hate it when I get a captcha like this. +ö+¦++ +¡-ç+¦-ä+¦ +¦+++++++++¦+¦-î +¦++-å+¼+¦++-ä++ -â-ä++ -Ç+++++¦-ä-ü++++-î+¦+¦-î -â+¦-é? Please support: export of settings in editable format
Your stuff goes here. |
|
|
|
|
Pages: 1 [2] 3 :: one page |
First page | Previous page | Next page | Last page |